Posts Tagged ‘Disabling’

Disabling sound kernel modules on Debian and Ubuntu GNU / Linux servers

Friday, October 19th, 2012

First step is to list modules related to sound (snd):


root@pcfreak:/var/www# lsmod|grep -i snd
snd_hda_codec_realtek 235234 1
snd_hda_intel 20035 0
snd_hda_codec 53940 2 snd_hda_codec_realtek,snd_hda_intel
snd_hwdep 5220 1 snd_hda_codec
snd_pcm_oss 32415 0
snd_mixer_oss 12478 1 snd_pcm_oss
snd_pcm 60151 3 snd_hda_intel,snd_hda_codec,snd_pcm_oss
snd_seq_midi 4256 0
snd_rawmidi 15323 1 snd_seq_midi
snd_seq_midi_event 4628 1 snd_seq_midi
snd_seq 41281 2 snd_seq_midi,snd_seq_midi_event
snd_timer 15502 2 snd_pcm,snd_seq
snd_seq_device 4493 3 snd_seq_midi,snd_rawmidi,snd_seq
snd 45998 11
snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_rawmidi,snd_seq,snd_timer,snd_seq_device
soundcore 4566 1 snd
snd_page_alloc 6217 2 snd_hda_intel,snd_pcm

Then snd modules could be removed from current live system, for my Intel RealTek SoundBlaster, I had to remove following modules in (remove) order as follows:


root@pcfreak:/var/www# rmmod soundcore
ERROR: Module soundcore is in use by snd
root@pcfreak:/var/www# rmmod snd_hda_codec_realtec
ERROR: Module snd_hda_codec_realtec does not exist in /proc/modules
root@pcfreak:/var/www# rmmod snd_hda_intel
root@pcfreak:/var/www# rmmod snd_hda_codec
ERROR: Module snd_hda_codec is in use by snd_hda_codec_realtek
root@pcfreak:/var/www# rmmod snd_hda_codec_realtek
root@pcfreak:/var/www# rmmod snd_hda_codec
root@pcfreak:/var/www# rmmod snd_pcm_oss
root@pcfreak:/var/www# rmmod snd_seq_midi
root@pcfreak:/var/www# rmmod snd_rawmidi
root@pcfreak:/var/www# rmmod snd_seq_midi_event
root@pcfreak:/var/www# rmmod snd_seq
root@pcfreak:/var/www# rmmod snd_timer
ERROR: Module snd_timer is in use by snd_pcm
root@pcfreak:/var/www# rmmod snd_seq_device
root@pcfreak:/var/www# rmmod snd_pcm
root@pcfreak:/var/www# rmmod snd_seq_device
ERROR: Module snd_seq_device does not exist in /proc/modules
root@pcfreak:/var/www# rmmod snd_hda_intel
ERROR: Module snd_hda_intel does not exist in /proc/modules
rmmod snd_hwdep
root@pcfreak:/var/www# rmmod snd_mixer_oss
root@pcfreak:/var/www# rmmod snd_timer
root@pcfreak:/var/www# rmmod snd
root@pcfreak:/var/www# rmmod soundcore
root@pcfreak:/var/www#

Next step is to permanently disable all (blacklist) on system boot time loaded kernel modules, to do so in file /etc/modprobe.d/snd-bkaclist.conf, put:


blacklist soundcore
blacklist snd
blacklist snd_pcm
blacklist snd_pcsp
blacklist pcspkr

You can do it from shell ‘echo’-ing into file, like so:

# touch /etc/modprobe.d/snd-blacklist.conf
# cd /etc/modprobe.d/
# echo ‘blacklist soundcore’ >> snd-blacklist.conf
# echo ‘blacklist snd’ >> snd-blacklist.conf
# echo ‘blacklist snd_pcm’ >> snd-blacklist.conf
# echo ‘blacklist snd_pcsp’ >> snd-blacklist.conf
# echo ‘blacklist pcspkr’ >> snd-blacklist.conf

Another way is to use a tiny shellscript containing all previously shown rmmod commands and set the script to be executed via /etc/rc.local by adding the rmmod modules script, before exit 0 rc.local line.

Shell script removing my Realtek ICH sound driversis here
If you like to use it download it in /usr/local/bin or somewhere and invoke it via rc.local.
Removing sound blaster kernel support does not impact the overall machine performance, but in terms of security. Having sound driver modules constantly loaded in memory is a point which a possible attacker can use to root the host, so in my view always sound driver support should be removed.
Well that’s it hope this post helps someone 🙂

How to disable PC Speaker on FreeBSD / Mute PC-Speaker on BSD kernels

Wednesday, May 16th, 2012

 

old school personal computer pc speaker / freebsd disable Pc-Speaker picture

After finding out How PC Speaker is muted on Linux , I've decided to also disable the annoying beeps on BSD. This is in tandem with the minimalistic philosophy I try to apply to every server I manage.

Also on BSD Desktop machines it is quite annoying especially if csh (C Shell) is used, everytime you press TAB you get the beep sound. On BSD beep sound produced on tab completion is louder than in Linux and that makes it even more annoying …

Disabling pc-speaker beeps on BSDs is done via a sysctl kernel variable:

freebsd# sysctl hw.syscons.bell=0
hw.syscons.bell: 0 -> 0

To further permanently disable on system boot add hw.syscons.bell=0 to /etc/sysctl.conf, e.g.:

freebsd# echo 'hw.syscons.bell=0' >> /etc/sysctl.conf

 

Well that's it no more mind drilling beeps :)

 

How to disable IPv6 on Debian / Ubuntu / CentOS and RHEL Linux

Friday, December 9th, 2011

I have few servers, which have automatically enabled IPv6 protocols (IPv6 gets automatically enabled on Debian), as well as on most latest Linux distribituions nowdays.

Disabling IPv6 network protocol on Linux if not used has 2 reasons:

1. Security (It’s well known security practice to disable anything not used on a server)
Besides that IPv6 has been known for few criticil security vulnerabilities, which has historically affected the Linux kernel.
2. Performance (Sometimes disabling IPv6 could have positive impact on IPv4 especially on heavy traffic network servers).
I’ve red people claiming disabling IPv6 improves the DNS performance, however since this is not rumors and did not check it personally I cannot positively confirm this.

Disabling IPv6 on all GNU / Linuces can be achieved by changing the kernel sysctl settings net.ipv6.conf.all.disable_ipv6 by default net.ipv6.conf.all.disable_ipv6 equals 1 which means IPv6 is enabled, hence to disable IPv6 I issued:

server:~# sysctl net.ipv6.conf.all.disable_ipv6=0

To set it permanently on system boot I put the setting also in /etc/sysctl.conf :

server:~# echo 'net.ipv6.conf.all.disable = 1 >> /etc/sysctl.conf

The aforedescribed methods should be working on most Linux kernels version > 2.6.27 in that number it should work 100% on recent versions of Fedora, CentOS, Debian and Ubuntu.

To disable IPv6 protocol on Debian Lenny its necessery to blackist the ipv6 module in /etc/modprobe.d/blacklist by issuing:

echo 'blacklist ipv6' >> /etc/modprobe.d/blacklist

On Fedora / CentOS there is a another universal “Redhat” way disable IPv6.

On them disabling IPv6 is done by editting /etc/sysconfig/network and adding:

NETWORKING_IPV6=no
IPV6INIT=no

I would be happy to hear how people achieved disabling the IPv6, since on earlier and (various by distro) Linuxes the way to disable the IPv6 is probably different.
 

Alto to stop Iptables IPV6 on CentOS / Fedora and RHEL issue:

# service ip6tables stop

# service ip6tables off

Disabling php execution for a VirtualHost

Saturday, February 6th, 2010

Disabling php execution for a certain virtual domain is incredibly simple:
All you need to do is add:

php_value engine off

That could be anywhere in your VirtualHost directives.
Another possible approach is through enabling .htaccess for a domain, e.g.:

Adding:
AllowOverride All to your domain of choice.

After which you had to put:
php_flag engine off to htaccess file
Now there you go! php scripts won’t execute anymore.